class AreaController extends BaseController{
    def beforeInterceptor = [action:this.auth]

    def index = { redirect(action:list,params:params) }

    // the delete, save and update actions only accept POST requests
    static allowedMethods = [delete:'POST', save:'POST', update:'POST']

    def list = {
        params.max = Math.min( params.max ? params.max.toInteger() : 10,  100)
        //Check which kind of data that should be able to been shown
        //The developing mode
       /* if(session.access.equals("admin")){
            [ areaInstanceList: Area.list( params ), areaInstanceTotal: Area.count() ]
        }
        else{*/
            //Declare which access the login user has
            def access = session.access
            //Have to refresh the instans to aviod session error
            access.refresh()
            if(access.hasDevAuth()){
                [ areaInstanceList: Area.list( params ), areaInstanceTotal: Area.count() ]
            }
            else if(access.hasAdminAuth()){
                def list = Area.findAllByContainer(access.container)
                [ areaInstanceList: list, areaInstanceTotal: list.count()]
            }
            else if(access.hasManagerAuth()){
                def list = Area.get(access.area.id)
                [ areaInstanceList: list, areaInstanceTotal: list.count()]
            }
            else{
                flash.message = "Missing Authorization!"
            }
        //}
    }
    //Authorization is implemented in show
    def show = {
        def areaInstance = Area.get( params.id )

        if(!areaInstance) {
            flash.message = "Area not found with id ${params.id}"
            redirect(action:list)
        }
        else {
            if(session.access.equals("admin")){
               return [ areaInstance : areaInstance ] }
            }
            def access = session.access
            access.refresh()
            if(access.checkAccess("area", "show", areaInstance.id)){
                return [ areaInstance : areaInstance ]
            }
            else{
            flash.message = "Missing Authorization!"
            redirect(action:list)
        }

    }
    //Authorization is implemented in delete
    def delete = {
        def areaInstance = Area.get( params.id )
        if(!areaInstance){
            flash.message = "Area not found with id ${params.id}"
            redirect(action:list)
        }
        def access = session.access
        access.refresh()
        if(access.checkAccess("area", "delete", areaInstance.container.id)){
            if(areaInstance) {
                try {
                    areaInstance.delete(flush:true)
                    flash.message = "Area ${params.id} deleted"
                    redirect(action:list)
                }
                catch(org.springframework.dao.DataIntegrityViolationException e) {
                    flash.message = "Area ${params.id} could not be deleted"
                    redirect(action:show,id:params.id)
                }
            }
        }
        else{
            flash.message = "Missing Authorization!"
            redirect(action:list)
        }
    }
    //Authorization is implemented in edit
    def edit = {
        def areaInstance = Area.get( params.id )

        if(!areaInstance) {
            flash.message = "Area not found with id ${params.id}"
            redirect(action:list)
        }
        def access = session.access
        access.refresh()
        if(access.checkAccess("area","edit", areaInstance.id)){
            return [ areaInstance : areaInstance ]
        }
        else{
            flash.message = "Missig Authorization!"
            redirect(action:list)
        }
        
    }
    //Authorization is implemented in edit updatee(
    def update = {
        def areaInstance = Area.get( params.id )
        if(!areaInstance) {
            flash.message = "Area not found with id ${params.id}"
            redirect(action:list)
        }
        else {
            if(params.version) {
                def version = params.version.toLong()
                if(areaInstance.version > version) {
                    areaInstance.errors.rejectValue("version", "area.optimistic.locking.failure", "Another user has updated this Area while you were editing.")
                    render(view:'edit',model:[areaInstance:areaInstance])
                    return
                }
            }
            def access = session.access
            access.refresh()
            if(access.hasDevAuth()){
                areaInstance.properties = params
                if(!areaInstance.hasErrors() && areaInstance.save()) {
                 flash.message = "Area ${params.id} updated"
                 redirect(action:show,id:areaInstance.id)
                }
                else {
                    render(view:'edit',model:[areaInstance:areaInstance])
                }
            }
            if(access.hasAdminAuth() && access.container.equals(Container.get(params.container.id))){
                areaInstance.properties = params
                if(!areaInstance.hasErrors() && areaInstance.save()) {
                 flash.message = "Area ${params.id} updated"
                 redirect(action:show,id:areaInstance.id)
                }
                else {
                    render(view:'edit',model:[areaInstance:areaInstance])
                }
            }
            else if(access.hasManagerAuth() && access.area.id.equals(areaInstance.id)){
                areaInstance.properties = params
                if(!areaInstance.hasErrors() && areaInstance.save()) {
                    flash.message = "Area ${params.id} updated"
                    redirect(action:show,id:areaInstance.id)
                }
                else {
                    render(view:'edit',model:[areaInstance:areaInstance])
                }
            }
            else{
                flash.message = "Missing Authorization!"
                render(view:'edit',model:[areaInstance:areaInstance])
            }
            
        }
    }
    //Authorization is implemented in create
    def create = {
        def access = session.access
        access.refresh()
        if(access.checkAccess("area","create", null)){
            def areaInstance = new Area()
            areaInstance.properties = params
            return ['areaInstance':areaInstance]
        }
        else{
            flash.message = "Missing Authorization!"
            redirect(action:list)
        }

    }
    //Authorization is implemented in save
    def save = {
        def areaInstance = new Area(params)
        def access = session.access
        access.refresh()
        if(access.checkAccess("area", "save", areaInstance.container.id)){
            if(!areaInstance.hasErrors() && areaInstance.save()) {
                flash.message = "Area ${areaInstance.id} created"
                redirect(action:show,id:areaInstance.id)
            }
            else {
                render(view:'create',model:[areaInstance:areaInstance])
            }
        }
        else{
            flash.message = "Missing Authorization!"
            redirect(action:list)
        }

    }
}